The present disclosure relates generally to computer system and network security and, more particularly, to methods, systems, and computer program products for authenticating a user of a computer system and/or network.
Cloud computing is a computing paradigm where shared resources, such as processor(s), software, and information, are provided to computers and other devices on demand, typically over a network such as the Internet. In a cloud computing environment, details of the computing infrastructure, e.g., processing power, data storage, bandwidth, and/or other resources, are abstracted from the user. The user does not need to have any expertise in or control over such computing infrastructure resources. Cloud computing typically involves the provision of dynamically scalable and/or virtualized resources over the Internet. A user may access and use such resources through the use of a Web browser. A typical cloud computing provider may provide an online application that can be accessed over the Internet using a browser. The cloud computing provider, however, maintains the software for the application and some or all of the data associated with the application on servers in the cloud, i.e., servers that are maintained by the cloud computing provider rather than the users of the application.
FIG. 1 illustrates a conventional cloud service model that includes Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Infrastructure as a Service delivers computer infrastructure, typically a platform virtualization environment, as a service. Rather than purchasing servers, software, data-center space or network equipment, clients instead buy those resources as a fully outsourced service. Suppliers typically bill such services on a utility computing basis, according to the amount of resources consumed. Platform as a Service delivers a computing platform as a service. It provides an environment for the deployment of applications without the need for a client to buy and manage the underlying hardware and software layers. Software as a Service delivers software services over the Internet, which reduces or eliminates the need for the client to install and run an application on its own computers, which may simplify maintenance and support.
Enterprises typically use some form of authentication technique as part of restricting user access to resources. It is not uncommon for an enterprise to use different techniques for authenticating users to access different resources. For example, employees may need to enter only a password to access a general computing system. Departments and/or areas of the company that contain confidential information, however, may be protected by requiring users to both enter a password and also possess a hardware token for access. An enterprise can, thus, use many different types of authentication techniques to control access to a variety of different secure resources. Because of the number of authentication techniques that may be used and the number of resources that may be protected, it may be difficult to develop an authentication policy for an enterprise that protects the enterprise's resources in an effective and efficient manner.